US man 'stole 130m card numbers'

The card details were allegedly stolen from three firms, including 7-Eleven

US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.

Officials say it is the biggest case of identity theft in American history.

They say Albert Gonzalez, 28, and two un-named Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain.

Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.

He would also have to pay a fine of $250,000 (£150,000) for each of the two charges.

FROM THE TODAY PROGRAMME More from Today programme

Mr Gonzalez used a technique known as an "SQL injection attack" to access the databases and steal information, the US Department of Justice said.

His corporate victims included Heartland Payment Systems - a card payment processor - convenience store 7-Eleven and Hannaford Brothers, a supermarket chain, the DoJ said.

According to the indictment, the group researched the credit and debit card systems used by their victims, attacked their networks and sent the data to computer servers they operated in California, Illinois, Latvia, the Netherlands and Ukraine.

The data could then be sold on, enabling others to make fraudulent purchases, it said.

Mr Gonzalez, who had once been an informant for the US Secret Service helping to track hackers, is already in custody on separate charges of hacking into the computer system of a national restaurant chain.

This latest case will raise fresh concerns about the security of credit and debit cards used in the United States, the BBC's Greg Wood reports.

Have you been a victim of identity theft? What is your reaction to this story? Send us your comments.

The BBC may edit your comments and not all emails will be published. Your comments may be published on any BBC media worldwide.

E-mail this to a friend

Printable version